Support Support Downloads Knowledge Base Case Manager My Juniper Community

Knowledge Base

Search our Knowledge Base sites to find answers to your questions.

Ask All Knowledge Base Sites All Knowledge Base Sites JunosE Defect (KA)Knowledge BaseSecurity AdvisoriesTechnical BulletinsTechnotes Sign in to display secure content and recently viewed articles

[ScreenOS] How Many Certificates Do I Need to Enable Both SSL Management and Use PKI VPN on My High Availability Pair?

0

0

Article ID: KB6672 KB Last Updated: 15 Apr 2016Version: 4.0
Summary:

How Many Certificates Do I Need to Enable Both SSL Management and Use PKI VPN on My High Availability Pair?

Symptoms:
  • SSL Management High Availability (HA) NSRP cluster Certificate Failover PKI VPN needs to enable SSL Management and use PKI VPN on my HA devices.

  • Need to securely manage both HA devices at the same time and use PKI VPN simultaneously.

  • Need to securely manage each HA device one at a time and use PKI VPN simultaneously.

Solution:

This article applies to NetScreen High Availability devices only.

The number of certificates required depends on whether VSYS is used. A CA certificate, and corresponding CRL is global, and therefore will be shared among each VSD and VSYS.

You will need one local certificate for each VSYS. If you do not have a multiple VSYS configuration, then only one local, one CA certificate, and one CRL is required for the cluster.

Once the certificate is loaded on the device, the certificate files will be synchronized to the backup device. Both devices will then have the same certificates. All subsequent configurations will be the same as if using a standalone firewall configuration.



Comment on this article > Affected Products Browse the Knowledge Base for more articles related to these product categories. Select a category to begin.

Getting Up and Running with Junos

Getting Up and Running with Junos Security Alerts and Vulnerabilities Product Alerts and Software Release Notices Problem Report (PR) Search Tool EOL Notices and Bulletins JTAC User Guide Customer Care User Guide Pathfinder SRX High Availability Configurator SRX VPN Configurator Training Courses and Videos End User Licence Agreement Global Search